Nodeware will attempt to scan every discovered device for vulnerabilities unless they are explicitly excluded from scanning or unresponsive on the network. For more information on excluding devices, see the Excluding Devices knowledge base article in the Nodeware Dashboard section.
Devices are prioritized for vulnerability scanning based on several factors. The primary factor is whether a device is new to a network–new devices are scanned first to shorten the time from detection to getting a full security assessment of a device and the risks it poses to your network.
Secondarily, device rescan requests are considered. While Nodeware continuously scans your network, during remediation work it may be helpful to more quickly see the results of scans. This can be requested via the rescan button on the device view. For more information on rescanning a device, see the Rescanning Devices knowledge base article in the Nodeware Dashboard section.
At any given time, Nodeware can be scanning up to 4 devices in parallel. This queuing system and the slower timing of scans allows Nodeware to maintain low network utilization and avoid impacting the availability of devices.
When a device has finished scanning, another is loaded into a queue spot. Once a full pass of the network has been completed and no new devices are detected, the scanner will reload and restart the process. This will result in a small gap in time between the last scan of a pass and the first scan of the next pass. It is necessary to ensure the latest vulnerability data is used at the time of scanning.
Scan data about a device is only retained on the Nodeware Sensor for the duration of the scan. Once a scan is complete, the data is transmitted over encrypted channels to the Nodeware cloud for viewing in the dashboard.